Add critical threshold for TLS expiration days in TLS mode

Author: Luca De Rugeriis

check_kubernetes.sh

@@ -1,6 +1,5 @@
 #!/bin/bash
 # shellcheck disable=SC2181,SC2207,SC2199,SC2076
-#
 
 ##########################
 # Perform checks against Kubernetes API or with tab help of kubectl utility
@@ -31,6 +30,7 @@ usage() {
 	                    - Pvc storage utilization; default is 80%
 	                    - API cert expiration days for apicert mode; default is 30
 	  -c CRIT          Critical threshold for
+	                    - TLS expiration days for TLS mode; default is 5
 	                    - Pod restart count (in pods mode); default is 150
 	                    - Unbound Persistent Volumes in unboundpvs mode; default is 5
 	                    - Job failed count in jobs mode; default is 2
@@ -298,6 +298,7 @@ mode_pvc() {
 
 mode_tls() {
     WARN=${WARN:-30}
+    CRIT=${CRIT:-5}
 
     count_ok=0
     count_warn=0
@@ -338,6 +339,10 @@ mode_tls() {
                 ((count_crit++))
                 EXITCODE=2
                 OUTPUT="$OUTPUT $ns/$cert is expired."
+            elif [ "$diff" -le "$((CRIT*24*3600))" ]; then
+                ((count_crit++))
+                EXITCODE=2
+                OUTPUT="$OUTPUT $ns/$cert is about to expire in $((diff/3600/24)) days."
             elif [ "$diff" -le "$((WARN*24*3600))" ]; then
                 ((count_warn++))
                 if [ "$EXITCODE" == 0 ]; then